General
- Target: Payment Advice GLV225445686.r00
- Size: 675KB
- Sample: 210225-n4vhgjkzme
- MD5: 9511fbf0e7e9012c4e00b1fe68c106f0
- SHA1: 1b669963c29f5d6d764b804e73088f2635ae09d9
- SHA256: 41c8f6068a2af552f4ab9edd254217b79983f3416205d8bc6e3397c8ffcd043d
- SHA512: 49281a4df537388f07156ea0e959f0ac857fb877078f381eec9bab62037406b031c4e6804d2be751bd14e8537adcd98dcb23b211504620a74aee15f4263d2d1b
Static task: static1
Behavioral task: behavioral1
- Sample: Payment Advice GLV225445686.exe
- Resource: win7v20201028
Malware Config
Targets
- Target: Payment Advice GLV225445686.exe
- Size: 708KB
- MD5: 757844785304a9b94d0f994b24a2f177
- SHA1: 4d01dcfa4292530139fc7d9264466bafd63ab8ed
- SHA256: 9c3da492d0b98fec833d5217e46cee71fd67cf4d0bae48267cc4007095f096d2
- SHA512: 5d0c21c7648c2b618eb079bb2cf699f89a36deab5e360b9db3244b1213b1da967b248708999bc89c7d039c9afdb5b3c4756f34d3e6203d8ef3b1ca89cd5a8176
- Beds Protector Packer: Detects Beds Protector packer used to load .NET malware.
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext